Privacy Policy (EEA/UK/Switzerland)

Vetigen, Inc. (together with our affiliates, "Vetigen", "we", "our", or "us") respects your privacy and is committed to keeping the information we collect from you or about you secure.

This Privacy Policy explains our practices regarding the Personal Data we collect from you or about you when you use our website, applications, and services (collectively, "Services"). This version applies specifically to individuals located in the European Economic Area (EEA), United Kingdom, and Switzerland.

This Privacy Policy does not apply to content we process on behalf of business customers, such as our API. Our use of that data is governed by our customer agreements covering access to and use of those offerings.

The data controller of your personal data is:

Personal Information

• Name, surname, and title
• Email address, phone number
• Veterinary license number and diploma information
• Clinic name, address, and tax information

Medical Data

• Patient records (SOAP notes)
• Laboratory test results and imaging data
• Treatment plans and prescriptions
• Vaccination records and health history

Usage Data

• Platform usage activities and login logs
• Device information (IP address, browser type)
• Location data (city/country level)
• Data collected through cookies and similar technologies

Financial Information

• Payment card information (tokenized)
• Billing address and tax ID
• Payment transactions and invoice history

• Direct Collection: Information you enter through registration forms, profile updates, and clinic management
• Automated Collection: Through cookies, log files, and analytics tools
• From Third Parties: Laboratory integrations, payment providers, and supplier systems

Under GDPR, we process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): For marketing communications and optional features
• Contract Performance (Article 6(1)(b)): To provide platform services and manage your account
• Legal Obligation (Article 6(1)(c)): For tax, accounting, and regulatory reporting requirements
• Legitimate Interests (Article 6(1)(f)): For fraud prevention, security, and service improvement

• Provide platform services and manage your account
• Send you important notifications and support
• Improve our services and develop new features
• Ensure security, fraud prevention, and legal compliance
• Comply with legal and regulatory requirements
• Perform usage analysis and performance measurement

We do not share your personal data with third parties except in the following cases:

• Service Providers: AWS EU (hosting), Stripe (payment), Twilio (communication), Sentry (error tracking)
• Payment Processors: PCI-DSS compliant providers for secure payment processing
• Legal Requests: Court orders, legal investigations, or regulatory requirements
• Business Transfers: In case of merger, acquisition, or asset sale

All our third-party service providers are bound by strict data protection agreements and GDPR-compliant Data Processing Agreements (DPAs).

Your data is primarily stored in our AWS EU-Central-1 (Frankfurt, Germany) data center within the European Union.

For any transfers outside the EEA, we ensure appropriate safeguards are in place:

• EU Commission adequacy decisions
• Standard Contractual Clauses (SCC) approved by the European Commission
• Binding Corporate Rules where applicable

We retain your personal data only as long as necessary for the purposes described in this policy:

• Account Data: As long as account is active + 2 years
• Medical Records: Legal retention period (10 years per EU veterinary regulations)
• Financial Records: 10 years per applicable tax law
• Marketing Data: Until consent withdrawn or 3 years of inactivity

We implement industry-standard technical and organizational measures to protect your data:

• TLS 1.3 in transit, AES-256 encryption at rest
• Role-based access control and multi-factor authentication
• 24/7 security monitoring and threat detection
• Daily automatic backups and disaster recovery plan
• Incident response team and 72-hour breach notification as required by GDPR
• Regular security and data protection training for employees

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right to Access (Article 15): Request a copy of the personal data we process about you
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
• Right to Erasure (Article 17): Request deletion of your personal data under certain conditions
• Right to Restrict Processing (Article 18): Request temporary suspension of data processing
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing
• Rights Related to Automated Decision Making (Article 22): Not be subject to decisions based solely on automated processing
• Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent

To exercise your rights, please contact us at privacy@vetigen.com or dpo@vetigen.com. We will respond within 30 days as required by GDPR.

Our website and platform use cookies and similar tracking technologies.

For detailed information, please review our Cookie Policy.

Our services are not designed for individuals under 16 years old (or the applicable age of consent in your jurisdiction).

We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information.

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements.

Significant changes will be notified via email and posted on our website with a new effective date.

If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local data protection supervisory authority:

For privacy-related questions or to exercise your data protection rights: